The following Fedora EPEL 7 Security updates need testing:
Age URL
22
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1fbdf7f103
chromium-65.0.3325.181-1.el7
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7c95e7ac21
libofx-0.9.9-2.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-13062a4d15
wordpress-4.9.5-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e56f478565
koji-1.15.1-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9f8e93d154
python-jwt-1.6.1-1.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2c81054303
remctl-3.14-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
borgmatic-1.1.15-2.el7
carbon-c-relay-3.3-1.el7
cppcheck-1.83-1.el7
dionaea-0.6.0-6.20180326git1748f3b.el7
gnucash-2.6.21-1.el7
gnucash-docs-2.6.20-1.el7
libmodulemd-1.3.0-1.el7
libupnp-1.6.25-1.el7
mld2p4-2.1.1-0.6.el7
mozilla-noscript-5.1.8.5-1.el7
mozilla-ublock-origin-1.15.24-1.el7
nghttp2-1.31.1-1.el7
psblas3-3.5.1-1.el7
python-distutils-extra-2.39-7.el7
resolv_wrapper-1.1.5-1.el7
whowatch-1.8.6-1.el7
xorgxrdp-0.2.6-2.el7
xrootd-4.8.2-2.el7
Details about builds:
================================================================================
borgmatic-1.1.15-2.el7 (FEDORA-EPEL-2018-edb3fd0810)
Simple Python wrapper script for borgbackup
--------------------------------------------------------------------------------
Update Information:
initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1566159 - Review Request: borgmatic - a simple Python wrapper script for the
Borg backup software
https://bugzilla.redhat.com/show_bug.cgi?id=1566159
--------------------------------------------------------------------------------
================================================================================
carbon-c-relay-3.3-1.el7 (FEDORA-EPEL-2018-271626c617)
Enhanced C implementation of Carbon relay, aggregator and rewriter
--------------------------------------------------------------------------------
Update Information:
Update to 3.3 ---- Update to 3.2 ---- Update to 3.1 ---- Update to 3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1442052 - carbon-c-relay-3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1442052
[ 2 ] Bug #1559849 - carbon-c-relay-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1559849
--------------------------------------------------------------------------------
================================================================================
cppcheck-1.83-1.el7 (FEDORA-EPEL-2018-86088e6b05)
Tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:
Update to 1.83, see changelog at
https://sourceforge.net/p/cppcheck/news/ EPEL7
build no longer has a GUI, since as of version 1.81 Qt5 is required and it is
not available on EPEL.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1534301 - cppcheck-1.83 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534301
--------------------------------------------------------------------------------
================================================================================
dionaea-0.6.0-6.20180326git1748f3b.el7 (FEDORA-EPEL-2018-c048c20448)
Low interaction honeypot
--------------------------------------------------------------------------------
Update Information:
New package: dionaea Summary: Low interaction honeypot Description: Dionaea
honeypot is meant to be a nepenthes successor, embedding python as scripting
language, using libemu to detect shellcodes, supporting ipv6 and tls.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1564716 - Review Request: dionaea - Low interaction honeypot
https://bugzilla.redhat.com/show_bug.cgi?id=1564716
--------------------------------------------------------------------------------
================================================================================
gnucash-2.6.21-1.el7 (FEDORA-EPEL-2018-56a49bb265)
Finance management application
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to the latest stable 2.6.x release, 2.6.21. For a list of
bugs fixed, see the upstream release notes at
https://gnucash.org/.
--------------------------------------------------------------------------------
================================================================================
gnucash-docs-2.6.20-1.el7 (FEDORA-EPEL-2018-56a49bb265)
Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:
This updates GnuCash to the latest stable 2.6.x release, 2.6.21. For a list of
bugs fixed, see the upstream release notes at
https://gnucash.org/.
--------------------------------------------------------------------------------
================================================================================
libmodulemd-1.3.0-1.el7 (FEDORA-EPEL-2018-cb61dea6dc)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
# Update to version 1.3.0 - New Public Objects: * Modulemd.Prioritizer -
tool to merge module defaults - New Public Functions: *
Modulemd.SimpleSet.is_equal() * Modulemd.Defaults.copy() *
Modulemd.Defaults.merge()
--------------------------------------------------------------------------------
================================================================================
libupnp-1.6.25-1.el7 (FEDORA-EPEL-2018-b06ef37573)
Universal Plug and Play (UPnP) SDK
--------------------------------------------------------------------------------
Update Information:
Update to current bugfix release from 1.6 branch: - Fix segmentation fault in
http_MakeMessage - Fix assertion error when http_MakeMessage is called with E in
fmt - libupnp.pc: drop -pthread from Cflags - Queue events on their subscription
object instead of adding them to the thread pool immediately. - Some more
compat helpers
--------------------------------------------------------------------------------
================================================================================
mld2p4-2.1.1-0.6.el7 (FEDORA-EPEL-2018-bca22a0687)
MultiLevel Domain Decomposition Parallel Preconditioners Package based on PSBLAS
--------------------------------------------------------------------------------
Update Information:
- Update to psblas3-3.5.1 - mld2p4 rebuilds
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-5.1.8.5-1.el7 (FEDORA-EPEL-2018-c250d7e83c)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
Numerous bug fixes and enhancements since 2.9.0.13. The full list of changes is
available [
here](https://noscript.net/changelog#5.1.8.5).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1557903 - update to 5.1.8.5
https://bugzilla.redhat.com/show_bug.cgi?id=1557903
--------------------------------------------------------------------------------
================================================================================
mozilla-ublock-origin-1.15.24-1.el7 (FEDORA-EPEL-2018-7de58184a5)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:
An efficient blocker for Firefox.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1557905 - EPEL branch missing
https://bugzilla.redhat.com/show_bug.cgi?id=1557905
--------------------------------------------------------------------------------
================================================================================
nghttp2-1.31.1-1.el7 (FEDORA-EPEL-2018-7c41fcb3cc)
Experimental HTTP/2 client, server and proxy
--------------------------------------------------------------------------------
Update Information:
- update to the latest upstream release (fixes CVE-2018-1000168)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1566989 - CVE-2018-1000168 nghttp2: Null pointer dereference when too large
ALTSVC frame is received [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1566989
--------------------------------------------------------------------------------
================================================================================
psblas3-3.5.1-1.el7 (FEDORA-EPEL-2018-bca22a0687)
Parallel Sparse Basic Linear Algebra Subroutines
--------------------------------------------------------------------------------
Update Information:
- Update to psblas3-3.5.1 - mld2p4 rebuilds
--------------------------------------------------------------------------------
================================================================================
python-distutils-extra-2.39-7.el7 (FEDORA-EPEL-2018-7a79bcef81)
Integrate more support into Python's distutils
--------------------------------------------------------------------------------
Update Information:
- Update to 2.39 - Ship python34-distutils-extras - Use python2 naming
--------------------------------------------------------------------------------
================================================================================
resolv_wrapper-1.1.5-1.el7 (FEDORA-EPEL-2018-a9ea6e56ca)
A wrapper for dns name resolving or dns faking
--------------------------------------------------------------------------------
Update Information:
Update to version 1.1.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1566196 - resolv_wrapper: please update to 1.1.5
https://bugzilla.redhat.com/show_bug.cgi?id=1566196
--------------------------------------------------------------------------------
================================================================================
whowatch-1.8.6-1.el7 (FEDORA-EPEL-2018-ec6d23d77c)
Display information about users currently logged on
--------------------------------------------------------------------------------
Update Information:
Update to 1.8.6. * Support sending INT/HUP/TERM signals * Show TERM instead of
KILL in menus * Restore terminal status on exit * OS portability improvements *
Build and code improvements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1567514 - whowatch-1.8.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1567514
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.2.6-2.el7 (FEDORA-EPEL-2018-0b4d2d939e)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
Rebuild against RHEL 7.5, which comes with upgraded xorg-x11-server.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1565957 - xorgxrdp needs to be rebuilt against new Xorg in RHEL7.5
https://bugzilla.redhat.com/show_bug.cgi?id=1565957
--------------------------------------------------------------------------------
================================================================================
xrootd-4.8.2-2.el7 (FEDORA-EPEL-2018-f676b11c72)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
## Release Notes ### Version 4.8.2 #### Major bug fixes * **[Proxy]** Make
sure to use N2N even when only localroot specified, fixes #650.
* **[Proxy]** Fully support third party copy in proxy servers. * **[Server]**
Correct faulty logic for sendq backlog warning message. * **[XrdCl]**
Correctly handler error/wait response to endsess request. * **[XrdCl]**
MsgHandler must not be enqueued in InQueue on virtual redirect,
fixes #682 * **[XrdCl]** Add ZIP64 support, fixes #402 * **[XrdHttp]**
Always have OpenSSL read/write data through the XrdLink
object. #### Minor bug fixes * **[Net]** Optimize formatting corresponding
to RFC 1178 and RFC 3696. * **[XrdHttp]** Fix HTTP PUT flags, fixes #637. *
**[XrdHttp]** Close file handle for simple HTTP reads. * **[All]** Fix
compilation with gcc 8. * **[CMake]** Make sure plugins are declared as
MODULEs, fixes #653 * **[SSI]** Ruggedize server-side SSI interactions. *
**[SSI]** Prevent request ID conflicts with reusable resources. * **[XrdCl]**
Validate URLs comming from metalinks. #### Miscellaneous * **[Server]**
Correct lock handling in commit 2c169141. * **[Server]** Make endsess more
reliable. * **[Server]** Make sure no temporary opens occur during error
recovery. * **[Server]** Add method to get logging mask. * **[XrdHttp]**
Support HTTP chunked transfer encoding. * **[XrdHttp]** Allow parsing of
unknown HTTP verbs. * **[XrdOss]** Improve XrdPosix 'rename' POSIX compliancy
* **[Proxy]** Make sure to pass through TPC requests in outgoing proxies. *
**[Proxy]** Support progress bar during TPC transfers. * **[Proxy]** Do not
fail a TPC fstat() due to bad timing.
--------------------------------------------------------------------------------